This copy is for your personal non-commercial use only. To order presentation-ready copies of Toronto Star content for distribution to colleagues, clients or customers, or inquire about permissions/licensing, please go to: www.TorontoStarReprints.com

Cyberattack surge may be the new normal

Our growing connectedness — along with “simple cluelessness” — giving hackers an edge that’s only likely to get worse

Queen’s University professor David Skillicorn says security breaches proliferate in a world lacking an international extradition framework that can target cyber criminals. And consumers seem to be willing to sacrifice security for online convenience, he adds.
(Harrison Smith)

Bell Canada, French mobile operator Orange and U.S. hotel management firm White Lodging are among the latest targets of cyber attacks that are growing exponentially in an ever more connected world.

Experts say breaches of corporate data bases have ramped up thanks to factors such as the rise of third-party or cloud storage, the proliferation of open-source smartphones, and the advance of banking and other financial transactions across mobile platforms.

Add in increasingly sophisticated hacking tools and more brute computing power and the result is an easier road for criminals aiming to breach protected data, said Queen’s University professor David Skillicorn.

While the average business or consumer is more capable of countering cyber attacks today compared to a decade ago, Skillicorn said the hackers remain a few steps ahead.

He also blamed the “simple cluelessness” of such practices as maintaining default password settings for many data compromises, although Kaan Yigit, president of Toronto-based consulting firm Solutions Research Group, said more breaches are happening “because more and more of our lives and money is online.

“As well, businesses are quick to acknowledge a breach to limit further damage and the need for greater transparency in a social media world — so there is better reporting,” he said in an email.

Skillicorn cited a lack of a global extradition framework that can target cyber criminals along with the difficulty in identifying hackers — but he said consumers seem to be willing to sacrifice security for online convenience.

That means much of the impact is borne by institutions such as banks, which have the ability to react, he added.

Montreal-based Bell, meanwhile, said it is continuing to investigate after 22,421 user names and passwords and five valid credit card numbers of its small-business customers were posted on the Internet over the weekend.

It said the posting results from illegal hacking of an Ottawa-based third-party supplier’s information technology system.

“We informed credit card companies, disabled affected passwords and contacted customers when we became aware of the situation,” Bell said in a statement.

Bell says it own network and IT systems were not affected, adding that the breach does not affect Bell residential, mobility or enterprise business customers

A group called NullCrew said in an unconfirmed Twitter post that it was behind the attack.

That incident, however, pales in comparison to a recent breach of credit card data that affected 20 million customers in South Korea, a hack into 800,000 customer accounts at French mobile-phone operator Orange and the theft of the credit and debit card data of thousands of guests who stayed at some U.S. hotels last year managed by White Lodging, according to a report from security blogger Brian Krebs. White Lodging said Monday it is investigating the suspected breach.

U.S. retailer Target Corp. late last year said about 70 million customers had information such as their name, address, phone number and email address hacked in a breach.

A report from security software vendor SophosLabs cited more attacks targeted at specific companies or institutions, including organizations not previously seen as prime targets. It said most are aimed at compromising financial accounts.

“Cyber crime is moving to mobile but people are not aware. It’s still not as big as computer crime but it’s growing fast. The trend is a very dangerous situation,” he said at a conference in Israel.

IP communications consultant Jon Arnold of J Arnold & Associates in Toronto said businesses large and small are struggling to adapt to online attacks that he expects will increase in frequency and scale. “It’s becoming just another cost of doing business,” he said.

More from the Toronto Star & Partners

LOADING

Copyright owned or licensed by Toronto Star Newspapers Limited. All rights reserved. Republication or distribution of this content is expressly prohibited without the prior written consent of Toronto Star Newspapers Limited and/or its licensors. To order copies of Toronto Star articles, please go to: www.TorontoStarReprints.com